TL; DR
- A third-party tool that installed Play Store on Windows 11 PCs also brought a number of other nasty add-ons.
- Windows Toolbox installed a malicious Chrome extension and outlined scripts.
- The extension redirected users to questionable affiliate and referral links.
Microsoft launched Windows 11 late last year, and the most notable addition was Android app support via the Amazon AppStore. Users can sideload apps with some effort, but there were also several unofficial ways to install the Google Play Store.
One of these solutions, called the Windows Toolbox, installs the Play Store, debloats Windows 11, and offers several additional features. However, Bleeding computer has reported that Windows Toolbox actually infected users’ computers with malicious Chrome extensions, questionable scripts, and possibly other malware.
What does this tool actually do?
Outlet explained that the tool was actually a Trojan that executed hidden PowerShell scripts. These scripts created scheduled tasks in Windows 11, such as killing processes and creating other tasks. It also created a hidden c: system file directory and then copied the default Chrome, Edge, and Brave browser profiles to that directory.
A malicious Chromium extension was also created in this hidden directory that uploaded the victim’s geographic information while also redirecting the user to affiliate and referral links. More specifically, Bleeding computer reported that users visiting whatsapp.com would be redirected to URLs associated with “monetize” scams, unwanted apps, and games and browser notification scams.
Have you installed Play Store on your Windows 11 PC?
333 votes
Users were advised to check for the existence of these suspicious scheduled tasks and the hidden system file folder if they thought their PC was infected. You will then delete the scheduled tasks, associated Python files, and that folder.
Either way, it is clear that you should definitely express more caution when it comes to installing Play Store on your Windows 11 device.